Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/68707f-f2a8-4f53-ba5c-31dfbbb914ed/1/TMi91_TT4N9Du_EN3cIhrUTxerU.roa
File:                     TMi91_TT4N9Du_EN3cIhrUTxerU.roa (raw, json)
Hash identifier:          dsOQzlKfWSvpkq7fXI0xfYG35/bX7lWUROXQ0vqIcFU=
Subject key identifier:   4C:C8:BD:D7:F4:D3:E0:DF:43:BB:F1:0D:DD:C2:21:AD:44:F1:7A:B5
Certificate issuer:       /CN=ed77ba4f32f2426170afc9e25914c13490ff5db6
Certificate serial:       018CC500098A69D5F16FC5963BE70C422EC3
Authority key identifier: ED:77:BA:4F:32:F2:42:61:70:AF:C9:E2:59:14:C1:34:90:FF:5D:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7Xe6TzLyQmFwr8niWRTBNJD_XbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/68707f-f2a8-4f53-ba5c-31dfbbb914ed/1/TMi91_TT4N9Du_EN3cIhrUTxerU.roa
Signing time:             Mon 01 Jan 2024 12:29:23 +0000
ROA not before:           Mon 01 Jan 2024 12:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     22773
IP address blocks:        195.64.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/68707f-f2a8-4f53-ba5c-31dfbbb914ed/1/7Xe6TzLyQmFwr8niWRTBNJD_XbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/68707f-f2a8-4f53-ba5c-31dfbbb914ed/1/7Xe6TzLyQmFwr8niWRTBNJD_XbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7Xe6TzLyQmFwr8niWRTBNJD_XbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 23:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:09:8a:69:d5:f1:6f:c5:96:3b:e7:0c:42:2e:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed77ba4f32f2426170afc9e25914c13490ff5db6
        Validity
            Not Before: Jan  1 12:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4cc8bdd7f4d3e0df43bbf10dddc221ad44f17ab5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:75:11:57:22:95:80:f7:a2:11:1f:01:45:fa:
                    0e:93:3c:e2:08:fa:68:b1:c0:9f:9c:fc:af:08:cb:
                    9f:23:f5:4f:c4:d2:6f:c3:0d:21:7c:1f:f8:76:9a:
                    f3:7c:81:34:1e:0d:4d:81:21:ac:ca:f5:2e:14:55:
                    f6:cd:3a:23:86:01:e0:d4:80:b8:f6:34:2b:38:69:
                    47:ea:e1:5d:86:ac:4f:ed:a2:7f:6a:34:27:d6:3b:
                    9f:74:50:30:47:9d:2e:f2:a7:d0:1f:ac:8f:da:a4:
                    b1:52:9a:55:e1:83:4b:2e:ab:0f:fc:75:2e:6f:2e:
                    9c:a7:6b:6d:81:3d:02:57:56:99:c3:c4:2d:d0:11:
                    6b:3f:9c:e7:ca:6d:e0:05:ed:7f:d7:54:2e:79:a9:
                    f0:e7:e2:18:30:c2:e0:b9:32:e0:15:9c:56:b0:7e:
                    cd:42:6c:51:c5:66:c2:07:80:05:d8:a1:3c:6d:eb:
                    07:8b:17:00:4a:3e:31:5c:5e:cb:67:41:1e:0c:af:
                    85:37:30:82:43:c1:91:88:a5:07:ea:7f:58:3d:9c:
                    19:21:3a:1d:9e:fb:03:45:7a:3f:98:b9:8c:83:31:
                    18:7d:44:bd:35:11:c7:46:0e:87:cf:f5:5a:cb:03:
                    2d:d6:5c:a8:b7:0c:d5:1b:f6:93:c3:dc:39:95:69:
                    58:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:C8:BD:D7:F4:D3:E0:DF:43:BB:F1:0D:DD:C2:21:AD:44:F1:7A:B5
            X509v3 Authority Key Identifier:
                keyid:ED:77:BA:4F:32:F2:42:61:70:AF:C9:E2:59:14:C1:34:90:FF:5D:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7Xe6TzLyQmFwr8niWRTBNJD_XbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/68707f-f2a8-4f53-ba5c-31dfbbb914ed/1/TMi91_TT4N9Du_EN3cIhrUTxerU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/68707f-f2a8-4f53-ba5c-31dfbbb914ed/1/7Xe6TzLyQmFwr8niWRTBNJD_XbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:bb:40:f6:d9:fe:67:3c:8a:43:e7:95:22:cc:1a:d1:36:7a:
         a1:3d:3b:b9:c6:d6:94:8f:64:f4:55:28:28:06:43:c0:a9:ec:
         d8:48:3f:ff:90:9d:2f:b7:b0:4e:6a:9e:fc:f0:e6:c3:f2:4c:
         d7:cb:96:dd:1e:cc:0b:b3:c8:a5:df:11:78:78:4a:3c:82:86:
         97:c6:57:f3:56:c0:bb:16:8f:a7:ba:8a:76:76:64:98:0a:8a:
         88:5a:66:57:7f:54:bf:f7:04:ea:b6:f8:62:cf:17:b7:14:c5:
         40:d6:26:43:bd:6f:3a:97:a8:b2:3f:5c:19:e0:e8:7b:ca:00:
         6d:de:0e:99:a8:78:0e:f7:6e:21:82:d8:fb:cc:68:34:50:90:
         d0:ee:7e:ee:73:9f:5a:37:89:e9:a7:79:ad:5a:f5:1b:38:f2:
         83:70:c4:d8:89:42:42:86:7b:2b:99:2f:5c:53:64:0d:ca:44:
         60:79:5f:36:cc:32:bf:29:d0:04:61:51:3a:fe:1f:2e:c4:7e:
         d8:35:5e:68:3d:4d:17:a9:52:db:55:96:12:50:6a:cf:b2:19:
         e6:62:34:a1:12:e0:ac:e7:41:38:e0:bc:2e:12:1d:23:7f:64:
         03:3a:67:ea:17:f1:0f:dd:e5:07:d7:16:76:54:51:a9:72:a0:
         86:c9:25:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAAmKadXxb8WWO+cMQi7DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNzdiYTRmMzJmMjQyNjE3MGFmYzllMjU5MTRjMTM0OTBm
ZjVkYjYwHhcNMjQwMTAxMTIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2M4YmRkN2Y0ZDNlMGRmNDNiYmYxMGRkZGMyMjFhZDQ0ZjE3YWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHURVyKVgPeiER8BRfoOkzziCPpo
scCfnPyvCMufI/VPxNJvww0hfB/4dprzfIE0Hg1NgSGsyvUuFFX2zTojhgHg1IC4
9jQrOGlH6uFdhqxP7aJ/ajQn1jufdFAwR50u8qfQH6yP2qSxUppV4YNLLqsP/HUu
by6cp2ttgT0CV1aZw8Qt0BFrP5znym3gBe1/11Queanw5+IYMMLguTLgFZxWsH7N
QmxRxWbCB4AF2KE8besHixcASj4xXF7LZ0EeDK+FNzCCQ8GRiKUH6n9YPZwZITod
nvsDRXo/mLmMgzEYfUS9NRHHRg6Hz/VaywMt1lyotwzVG/aTw9w5lWlYfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzIvdf00+DfQ7vxDd3CIa1E8Xq1MB8GA1UdIwQY
MBaAFO13uk8y8kJhcK/J4lkUwTSQ/122MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1hlNlR6THlRbUZ3cjhuaVdSVEJOSkRfWGJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC82ODcwN2YtZjJhOC00ZjUzLWJhNWMt
MzFkZmJiYjkxNGVkLzEvVE1pOTFfVFQ0TjlEdV9FTjNjSWhyVVR4ZXJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC82ODcwN2YtZjJhOC00ZjUzLWJhNWMtMzFkZmJiYjkxNGVk
LzEvN1hlNlR6THlRbUZ3cjhuaVdSVEJOSkRfWGJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0B8MA0G
CSqGSIb3DQEBCwUAA4IBAQBZu0D22f5nPIpD55UizBrRNnqhPTu5xtaUj2T0VSgo
BkPAqezYSD//kJ0vt7BOap788ObD8kzXy5bdHswLs8il3xF4eEo8goaXxlfzVsC7
Fo+nuop2dmSYCoqIWmZXf1S/9wTqtvhizxe3FMVA1iZDvW86l6iyP1wZ4Oh7ygBt
3g6ZqHgO924hgtj7zGg0UJDQ7n7uc59aN4npp3mtWvUbOPKDcMTYiUJChnsrmS9c
U2QNykRgeV82zDK/KdAEYVE6/h8uxH7YNV5oPU0XqVLbVZYSUGrPshnmYjShEuCs
50E44LwuEh0jf2QDOmfqF/EP3eUH1xZ2VFGpcqCGySXX
-----END CERTIFICATE-----